On Tue, 18 Nov 2003, Alan wrote: > Running programs in a sandbox or letting the OS decide what is or is not > a virus would require some sort of database for the os to look up a > binary fingerprint, or do some sort of heuristic check to see what the > app or docuement is doing, and if it's allowed. It would have to know > that ssh starting up is different than a user (or root) executed program > that opens up a port that allows incoming connections. A central database of binary footprints is not the way to go. Microsoft tried something like this with Authenticode. The local database of footprints should only be used to enforce policy decisions made by the user (e.g. "let this app open an IRC port"). -- Stuart D. Gathman <stuart@xxxxxxxx> Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154 "[Microsoft] products are even less buggy than others, in terms of per capita usage." - Steve Balmer, Microsoft Corporation _______________________________________________ gnome-list mailing list gnome-list@xxxxxxxxx http://mail.gnome.org/mailman/listinfo/gnome-list